summaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2016-12-08 13:10:22 +0200
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-01-24 17:52:22 +0000
commita88261aa0542d1224cb6cb4bbd8eb6b546252bc8 (patch)
tree2a97ce6fdcc9c8aa7125d5c51977f302081b661f /puppet/services
parent7020a724049eb7b5f8bfbc503e5a233f97eadb32 (diff)
Pass parameters for TLS proxy in front of Glance-API
If TLS in the internal network is enabled, we run glance-api beind a TLS proxy (which is actually httpd's mod_proxy). This passes the necessary hieradata. bp tls-via-certmonger Change-Id: I693213a1f35021b540202240e512d121cc1cd0eb Depends-On: Id35a846d43ecae8903a0d58306d9803d5ea00bee
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/glance-api.yaml34
1 files changed, 33 insertions, 1 deletions
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index 3ddb1927..09ea5d22 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -45,8 +45,23 @@ parameters:
default:
tag: openstack.glance.api
path: /var/log/glance/api.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
resources:
+
+ TLSProxyBase:
+ type: OS::TripleO::Services::TLSProxyBase
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
GlanceBase:
type: ./glance-base.yaml
properties:
@@ -66,6 +81,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [GlanceBase, role_data, config_settings]
+ - get_attr: [TLSProxyBase, role_data, config_settings]
- glance::api::database_connection:
list_join:
- ''
@@ -100,7 +116,23 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]}
+ tripleo::profile::base::glance::api::tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, GlanceApiNetwork]
+ tripleo::profile::base::glance::api::tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]}
+ tripleo::profile::base::glance::api::tls_proxy_port:
+ get_param: [EndpointMap, GlanceInternal, port]
+ # Bind to localhost if internal TLS is enabled, since we put a TLs
+ # proxy in front.
+ glance::api::bind_host:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, GlanceApiNetwork]}
step_config: |
include ::tripleo::profile::base::glance::api
service_config_settings: